Description
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack when it sets the Content-Disposition header of a FileResponse using a filename derived from user-supplied input.
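The header-construction pattern behind the issue, as an added example that is not Django's own code: a naive builder that interpolates the user-chosen name verbatim, a hardened builder that escapes it per RFC 6266 (quoted-string) or RFC 5987 (filename*), and a small extractor showing what a client reads back. All function names and the sample filename are constructed for this illustration.

```python
import re
from typing import Optional
from urllib.parse import quote

# Control characters, including CR/LF, may never reach a header line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# A quoted-string filename parameter, honouring backslash escapes.
_QUOTED_FILENAME = re.compile(r'filename="((?:[^"\\]|\\.)*)"')


def naive_content_disposition(filename: str) -> str:
    """The pattern the advisory describes: the name is interpolated verbatim,
    so a '"' inside it closes the quoted-string early and the remainder of
    the name becomes unparsed header text."""
    return f'attachment; filename="{filename}"'


def safe_content_disposition(filename: str, attachment: bool = True) -> str:
    """Build a Content-Disposition value that a caller-supplied name cannot
    break out of (hypothetical helper, not Django's code).

    RFC 6266 style: an ASCII name goes in a quoted-string with '\\' and '"'
    escaped; a non-ASCII name goes in an RFC 5987 filename* parameter.
    """
    disposition = "attachment" if attachment else "inline"
    clean = _CONTROL.sub("", filename)  # header values are a single line
    try:
        clean.encode("ascii")
    except UnicodeEncodeError:
        # Percent-encode everything except unreserved characters.
        return f"{disposition}; filename*=utf-8''{quote(clean, safe='')}"
    escaped = clean.replace("\\", "\\\\").replace('"', '\\"')
    return f'{disposition}; filename="{escaped}"'


def quoted_filename(header: str) -> Optional[str]:
    """The name a client reads back from the quoted filename parameter, with
    backslash escapes undone; None when no quoted filename is present."""
    match = _QUOTED_FILENAME.search(header)
    if match is None:
        return None
    return re.sub(r"\\(.)", r"\1", match.group(1))


if __name__ == "__main__":
    # Constructed sample: a user-chosen name containing a double quote.
    name = 'report" .txt'
    print(naive_content_disposition(name))  # quoted-string ends after 'report'
    print(quoted_filename(naive_content_disposition(name)))  # 'report'
    print(safe_content_disposition(name))  # the quote is escaped
    print(quoted_filename(safe_content_disposition(name)))  # round-trips
```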
Remediation
References